On 10/31/07 10:11, dhottinger@xxxxxxxxxxxxxxxxxxxxxx wrote:
> Not sure if this is the best practice, but it works fine. What I would like to do, instead of dropping this traffic, is have it sent to an internal webserver that has our acceptable use policy on it. Is there a REDIRECT command, or what would be the best way to accomplish this? Most of this traffic is actually on port 443, and I can't funnel this through my transparent proxy (squid).
Yes. You want to look into DNATing the traffic to an internal web server that is specifically set up to do what you are wanting to do.
Hint, set up the web server of your choice that will answer any and all domain names with one single page, the 404 (not found) error page that is the content that you want displayed. That way no matter what is requested, your page will be displayed. I would also suggest that you include the headers to control how long the page is cached for, say 5 - 15 minutes. You may or may not want to return a 200 reply code. Some browsers will display "Friendly 404" pages and thus not display your text.
Grant. . . .
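The catch-all page server from the hint above, as an added example that is not part of the original message: it ignores the requested host name and path, sets a short cache lifetime, and makes the reply code (200 or 404) a parameter. The page text, port 8080 and the `probe` helper are assumptions for illustration.

```python
import http.client
import threading
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer

# Constructed placeholder page; substitute the real acceptable use policy text.
POLICY_HTML = (b"<html><head><title>Acceptable Use Policy</title></head>"
               b"<body><h1>Access blocked</h1>"
               b"<p>This request is not permitted by the acceptable use policy.</p></body></html>")

def make_handler(status=200, cache_seconds=300, body=POLICY_HTML):
    """Build a handler that answers every host name and path with `body`."""
    class PolicyHandler(BaseHTTPRequestHandler):
        def _reply(self, send_body=True):
            # The Host header and path are deliberately ignored: any request
            # DNATed to this server gets the same page.
            self.send_response(status)
            self.send_header("Content-Type", "text/html; charset=utf-8")
            self.send_header("Content-Length", str(len(body)))
            # Short lifetime so browsers stop showing the page soon after a block is lifted.
            self.send_header("Cache-Control", f"max-age={cache_seconds}")
            self.end_headers()
            if send_body:
                self.wfile.write(body)

        def do_GET(self):
            self._reply()
        do_POST = do_PUT = do_GET

        def do_HEAD(self):
            self._reply(send_body=False)
    return PolicyHandler

def probe(host, path, method="GET", **handler_opts):
    """Hypothetical self-check: serve on an ephemeral loopback port, send one request."""
    server = ThreadingHTTPServer(("127.0.0.1", 0), make_handler(**handler_opts))
    threading.Thread(target=server.serve_forever, daemon=True).start()
    try:
        conn = http.client.HTTPConnection("127.0.0.1", server.server_port, timeout=5)
        conn.request(method, path, headers={"Host": host})
        resp = conn.getresponse()
        return resp.status, resp.getheader("Cache-Control"), resp.read()
    finally:
        server.shutdown()
        server.server_close()

if __name__ == "__main__":
    # Assumed listen port; the DNAT rule would point at this host and port.
    handler = make_handler(status=200, cache_seconds=600)
    ThreadingHTTPServer(("0.0.0.0", 8080), handler).serve_forever()
```

It speaks plain HTTP only; port 443 connections DNATed to it would need a TLS listener, and browsers would still show a certificate warning because the server holds no certificate for the requested name.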